April 24, 2019
Authored by: Steve Evans and Sarah Bhagwandin
This post is part of our series of FAQs examining the California Consumer Privacy Act (“CCPA”) that should help employers with operations in California to determine if they are required to comply with the CCPA and if so, what steps their HR professionals and IT departments should take to be in compliance.
By way of background, the CCPA is a new privacy law that will go into effect in early 2020. Because the CCPA refers to “consumers” many HR professionals do not realize that the CCPA, as currently enacted, also applies to data collected about California-based employees. Please see our recent blog post for a summary of which employers will be subject to the CCPA and the key requirements of the law.
Although the law will not be in effect until next year, employers who must comply should be addressing compliance obligations now. For U.S. employers who have not had to comply with the European Union’s General Data Protection Regulation (“GDPR”), the requirements of the CCPA will likely require a new analysis of the treatment of employee-data and updated or new data policies. Employers who are required to comply with the GDPR will likely already be familiar with many of the requirements of the CCPA, and a key area of interest is the degree to which the CCPA aligns with GDPR for purposes of implementing CCPA compliant practices for their California-based employees.
BCLP offers a complete compliance program for employers that includes a formal gap assessment and tailored policies, procedures, and protocols